Red Team Analyst Red Team Analyst …

in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 01 Jun 20
in Singapore, Singapore, Singapore
Permanent, Full time
Last application, 01 Jun 20
Red Team Analyst
This position requires at least 3-7 years working experience and at least a Bachelor's Degree. A basic understanding of web application and infrastructure security is a must.
Duties will include 
•    Providing vulnerability assessment and penetration testing services to Citi businesses globally through a comprehensive testing process 
•    Identifying weaknesses and vulnerabilities within the system and proposing countermeasures. 
•    Testing of the overall security of critical infrastructure components and applications to ensure they comply with internal policies, security architecture best practices, and industry standards
•    Scanning and discovering rouge hosts, networks, and devices
•    Scanning and discovering vulnerable systems and applications
•    Reporting information security vulnerabilities to businesses and vendors
•    Subject matter expert in offensive information security including databases, networking, operating systems, applications, and programming.
The candidate is expected to already be familiar with the majority of the below tools:
•    Experience in Web development and programming languages i/e Java/J2EE (Servlets/JSPs, STRUTS, Spring Flow, JavaServer Faces, Hibernate, JDBC, Enterprise Java Beans) 
•    Vulnerability Assessment tools, e.g. Nessus, Qualys, etc
•    Penetration testing (application and/or infrastructure)
•    Identifying, researching, validating, and exploiting various different security vulnerabilities on server and client side 
•    Exploitation frameworks, e.g. Metasploit, CANVAS, Core Impact
•    C2 Frameworks: Cobalt Strike, Empire, Red Team Tool Kit, Voodoo
•    Social Engineering campaigns, e.g. email phishing, phone calls, SET
•    Deep understanding of OSI model
•    Security devices, e.g. Firewalls, VPN, AAA systems
•    OS Security, e.g. Unix, Linux, Windows, Cisco, etc
•    Understanding of common protocols, e.g. LDAP, SMTP, DNS, Routing Protocols
•    Web application infrastructure, e.g. Application Servers, Web Servers, Databases
•    Web development and programming languages i.e. Python, Perl, Ruby, Java, and/or .Net
•    Reporting information security vulnerabilities to businesses
The following requirements are a plus as we are willing to invest in training and development in the security and vulnerability space:
•    Conducting application vulnerabilities assessments and articulating security issues to technical and non-technical audience
•    Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures
•    Experience using open source and vendor vulnerability assessment tools
•    Background in a similar role
•    Understanding enterprise networks
In this role you will get a chance to work in a unique environment with diverse technology implementations. Personal development is important, all of our analysts acquire and maintain industry-accredited security certifications (the candidate must have or be willing to obtain the following ones) - GIAC, GXPN, GDAT, GWAPT, GPEN, GCIH, OSCP, OSCE, CREST, GMOB and CEH.

  • 5+ years of relevant experience
  • Consistently demonstrates clear and concise written and verbal communication
  • Proven influencing and relationship management skills
  • Proven analytical skills

  • Bachelor's degree/University degree or equivalent experience
  • Master's degree preferred

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.
Grade :All Job Level - All Job FunctionsAll Job Level - All Job Functions - SG ------------------------------------------------------
Time Type : ------------------------------------------------------
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity CLICK HERE .
To view the "EEO is the Law" poster CLICK HERE . To view the EEO is the Law Supplement CLICK HERE .
To view the EEO Policy Statement CLICK HERE .
To view the Pay Transparency Posting CLICK HERE .